/**
 * OWASP GoatDroid Project
 * 
 * This file is part of the Open Web Application Security Project (OWASP)
 * GoatDroid project. For details, please see
 * https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project
 *
 * Copyright (c) 2011 - The OWASP Foundation
 * 
 * GoatDroid is published by OWASP under the GPLv3 license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 * 
 * @author Jack Mannino, nVisium Security (https://www.nvisiumsecurity.com)
 * @created 2011
 */
package org.owasp.goatdroid.fourgoats.webservice.checkin;

import java.sql.SQLException;
import java.util.ArrayList;
import org.owasp.goatdroid.fourgoats.webservice.Constants;
import org.owasp.goatdroid.fourgoats.webservice.Salts;
import org.owasp.goatdroid.fourgoats.webservice.login.LoginImpl;
import org.owasp.goatdroid.fourgoats.webservice.login.LoginUtils;
import org.owasp.goatdroid.fourgoats.webservice.validators.Validators;

public class CheckinImpl {

	static public CheckinBean doCheckin(String sessionToken, String latitude,
			String longitude) {

		CheckinBean bean = new CheckinBean();
		ArrayList<String> errors = new ArrayList<String>();
		if (LoginImpl.isSessionValid(sessionToken)
				&& Validators.validateSessionTokenFormat(sessionToken)) {
			if (Validators.validateCheckinFields(latitude, longitude)) {
				CheckinDAO dao;
				try {
					dao = new CheckinDAO();
					if (dao.doesVenueExist(latitude, longitude)) {
						String userID = dao.getUserID(sessionToken);
						String checkinID = LoginUtils
								.generateSaltedSHA256Hash(latitude + longitude
										+ LoginUtils.getTimeMilliseconds()
										+ userID, Salts.VENUE_ID_GENERATOR_SALT);
						String venueID = dao.getVenueID(latitude, longitude);
						String dateTime = LoginUtils.getCurrentDateTime();
						dao.insertCheckin(dateTime, latitude, longitude,
								userID, venueID, checkinID);
						int totalCheckins = dao.getTotalCheckins(userID);
						dao.updateUserInfo(latitude, longitude, dateTime,
								totalCheckins, userID);
						if (dao.doesVenueHaveReward(venueID)) {
							String rewardID = dao.getRewardID(venueID);
							if (dao.getCheckinsAtVenue(userID, venueID) >= dao
									.getRewardCheckinsRequired(rewardID)) {
								// check to make sure user hasn't already earned
								// reward
								if (!dao.doesUserHaveReward(userID, rewardID)) {
									dao.addReward(userID, rewardID);
									bean.setRewardEarned(dao.getRewardInfo(
											rewardID, venueID));
								}
							}
						}
						bean.setCheckinID(checkinID);
						bean.setDateTime(dateTime);
						bean.setVenueName(dao.getVenueName(venueID));
						bean.setLatitude(latitude);
						bean.setLongitude(longitude);
						dao.closeConnection();
						bean.setSuccess(true);
						return bean;
					} else {
						dao.closeConnection();
						errors.add(Constants.VENUE_DOESNT_EXIST);
					}
				} catch (InstantiationException e1) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (IllegalAccessException e1) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (ClassNotFoundException e1) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (SQLException e1) {
					errors.add(Constants.UNEXPECTED_ERROR);
				}
			} else
				errors.add(Constants.UNEXPECTED_ERROR);
		} else
			errors.add(Constants.INVALID_SESSION);

		bean.setErrors(errors);
		bean.setSuccess(false);
		return bean;
	}
}
